Archive

Posts Tagged ‘ntdsutil’

Quickie: List FSMO roles from command line

August 15th, 2013 2 comments

I always don’t remember commands to list all FSMO roles in domain so I decided to take a quick note into my diary 🙂 :

  • Connect to domain controller
  • run ntdsutil
  • write roles
  • write connections
  • write connect to server SERVER_NAME
  • write q
  • write select operation target
  • write list roles for connected server

 

More sexy command is

netdom query /domain:DOMAIN_NAME fsmo

 

and viola. I know it’s dummy post, but I had to wrote it down 🙂

 

Quickie: Remove data in AD after unsuccessful domain controller demotion

August 23rd, 2012 No comments

Today my ex-colleague called me that Windows 2000 Active Directory domain, he is taking care of, is not fully functional. He mentioned that “primary” domain controller is dead and now domain has some problems.

I had to seize all FSMO roles to live Domain Controller using ntdsutils as mentioned at this Microsoft article:

http://support.microsoft.com/kb/255504

I manually deleted dead domain controller’s information from Active Directory using following Microsoft article:

http://support.microsoft.com/kb/216498

After checking events I found out that there was also Certification Authority on dead domain controller and I needed to clean up all Enterprise Domain Certification Autorhority information from Active Directory Domain using following Microsoft article:

http://support.microsoft.com/kb/555151

PS: Don’t forget to put your account into all “administrative” groups: Domain Admins, Enterprise Admins and Schem Admins.